Lucene search
K

10 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2022-1556

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.01038EPSS
Exploits0References2
OSV
OSV
added 2022/03/18 5:40 p.m.24 views

GHSA-VW83-H3MQ-3QWJ Path Traversal in Spring-integration-zip

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal filenames. So...

5.3CVSS4.5AI score0.01038EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/03/18 5:40 p.m.33 views

Path Traversal in Spring-integration-zip

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal filenames. So...

5.3CVSS2.6AI score0.01038EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2021/03/02 5:3 a.m.21 views

Arbitrary File Rewrite

spring-integration-zip is vulnerable to an arbitrary file rewrite aka a zip slip vulnerability. An incomplete fix of CVE-2018-1263 allows an attacker to send a malicious zip archive bzip2, tar, xz, war, cpio, 7z with path traversal filenames, leading to writing of files outside of the target...

5.3CVSS4.5AI score0.01446EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/03/01 6:15 p.m.20 views

Path traversal

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal filenames. So...

5CVSS4.7AI score0.01446EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/03/01 5:23 p.m.45 views

CVE-2021-22114

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal filenames. So...

5.1AI score0.01038EPSS
Exploits0References1
NVD
NVD
added 2018/05/15 8:29 p.m.17 views

CVE-2018-1263

Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal...

4.7CVSS4.6AI score0.01446EPSS
Exploits0References2
OSV
OSV
added 2018/05/15 8:29 p.m.23 views

CVE-2018-1263

Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal...

4.7CVSS5AI score0.01446EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/05/15 8:0 p.m.19 views

CVE-2018-1263

Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal...

4.6AI score0.01446EPSS
Exploits0References2
CVE
CVE
added 2018/05/15 8:0 p.m.84 views

CVE-2018-1263

CVE-2018-1263 affects spring-integration-zip (prior to 1.0.2 per initial, with later references noting fixes up to 1.0.4). The flaw is a path-traversal during archive extraction, where filenames are concatenated to the target directory, allowing an arbitrary file write outside the intended folder...

4.7CVSS4.8AI score0.01446EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder